Mageia: Security Advisory (MGASA-2014-0492)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2014-9016

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/wordpresslongpassworddos.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:33+00:00| seen...

WordPress Long Password DoS

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service CPU consumption via a long password that is improperly handled during hashing. This module requires Metasploit: https://metasploit.com/download Current source:...

Fedora 21 : drupal7-7.34-1.fc21 (2014-15583)

Drupal 7.34, 2014-11-19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Fedora Update for drupal7 FEDORA-2014-15522

Check the version of drupal7 SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868537";...

Fedora Update for drupal7 FEDORA-2014-15528

Check the version of drupal7 SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868536";...

Fedora 19 : drupal7-7.34-1.fc19 (2014-15522)

Drupal 7.34, 2014-11-19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Drupal / WordPress Memory Exhaustion

==================================================================== DESCRIPTION: ==================================================================== A vulnerability present in Wordpress novaliduserpayload && printf "%s" 1..1000000 novaliduserpayload && echo -n "&op=Log in&formid=userlogin"...

[SECURITY] [DSA 3075-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3075-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 20, 2014 http://www.debian.org/security/faq -...

Updated drupal packages fix security vulnerabilities

Updated drupal packages fix security vulnerability: Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session CVE-2014-9015. Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the...

Design/Logic Flaw

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service CPU consumption via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016...

CVE-2014-9034

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service CPU consumption via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016...

CVE-2014-9016

CVE-2014-9016 affects Drupal 7.x prior to 7.34 and the Secure Password Hashes (phpass) module 6.x-2.x prior to 6.x-2.1. The issue is a denial-of-service condition caused by the password hashing API, where a crafted request can exhaust CPU and memory. Remediation is to update to Drupal 7.34+ and p...

Drupal 6.x < 6.34 / 7.x < 7.34 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 6.x prior to 6.34 or 7.x prior to 7.34. It is, therefore, potentially affected by the following vulnerabilities : - There exists an unspecified flaw that is triggered when handling a specially crafted request that may allow a remote...

drupal: session hijacking and denial of service

Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory 0. - CVE-2014-9015 session hijacking Aaron Averill discovered that a specially crafted request can give a...

SA-CONTRIB-2014-113 - Secure Password Hashes - Denial of Service

This module enables a more secure password storage for Drupal 6 by back-porting the code used in Drupal 7 core. A vulnerability in this API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive...

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006

Session hijacking Drupal 6 and 7 A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content "mixed-mode", but it is possible...

Debian: Security Advisory (DSA-3075-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...